1 Cross-domain one-shot authorization using smart cards
Richard Au, Mark Looi, Paul Ashley

November 2000 Proceedings of the 7th ACM conference on Computer and communications security
Publisher: ACM Press




Keywords: access control, authorization scheme, authorization server, one-shot authorization token, smart card



2 Applications: A context-related authorization and access control method based on RBAC
Marc Wilikens, Simone Feriti, Alberto Sanna, Marcelo Masera

June 2002 Proceedings of the seventh ACM symposium on Access control models and technologies
Publisher: ACM Press


This paper describes an application of authorization and access control based on the Role 
Based Access Control (RBAC) method and integrated in a comprehensive trust 
infrastructure of a health care application. The method is applied to a health care business 
process that involves multiple actors accessing data and resources needed for performing 
clinical and logistics tasks in the application. The notion of trust constituency is introduced 
as a concept for describing the context of authorisation. ... 

Keywords: role based access control (RBAC), secure health care system, trust infrastructure



3 Proposed NIST standard for role-based access control 
David F. Ferraiolo, Ravi Sandhu, Serban Gavrila, D. Richard Kuhn, Ramaswamy Chandramouli

August 2001 ACM Transactions on Information and System Security (TISSEC), Volume 4 Issue 3
Publisher: ACM Press

In this article we propose a standard for role-based access control (RBAC). Although RBAC 
models have received broad support as a generalized approach to access control, and are 
well recognized for their many advantages in performing large-scale authorization 
management, no single authoritative definition of RBAC exists today. This lack of a widely 
accepted model results in uncertainty and confusion about RBAC's utility and meaning. 
The standard proposed here seeks to resolve this situation by u ... 

Keywords: Role-based access control, access control, authorization management, security, standards



4 Access management for distributed systems: Peer-to-peer access control architecture using trusted computing technology
Ravi Sandhu, Xinwen Zhang

June 2005 Proceedings of the tenth ACM symposium on Access control models and technologies
Publisher: ACM Press


It has been recognized for some time that software alone does not provide an adequate 
foundation for building a high-assurance trusted platform. The emergence of industry- 
standard trusted computing technologies promises a revolution in this respect by 
providing roots of trust upon which secure applications can be developed. These 
technologies offer a particularly attractive platform for security in peer-to-peer 
environments. In this paper we propose a trusted computing architecture to enforce ac ...



Keywords: access control, policy enforcement, security architecture, trusted computing 



5 A model of OASIS role-based access control and its support for active security 
Jean Bacon, Ken Moody, Walt Yao 

November 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 4
Publisher: ACM Press


OASIS is a role-based access control architecture for achieving secure interoperation of 
services in an open, distributed environment. The aim of OASIS is to allow autonomous 
management domains to specify their own access control policies and to interoperate 
subject to service level agreements (SLAs). Services define roles and implement formally 
specified policy to control role activation and service use; users must present the required 
credentials, in an appropriate context, in order to activat ... 

Keywords: Certificates, OASIS, RBAC, distributed systems, policy, role-based access control, service-level agreements



6 A taxonomy of computer program security flaws
Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi

September 1994 ACM Computing Surveys (CSUR), Volume 26 Issue 3

Publisher: ACM Press 


An organized record of actual flaws can be useful to computer system designers, 
programmers, analysts, administrators, and users. This survey provides a taxonomy for 
computer program security flaws, with an Appendix that documents 50 actual security 
flaws. These flaws have all been described previously in the open literature, but in widely 
separated places. For those new to the field of computer security, they provide a good 
introduction to the characteristics of security flaws and how they ... 

Keywords: error/defect classification, security flaw, taxonomy 



7 Access control: An access control framework for business processes for web services
Hristo Koshutanski, Fabio Massacci

October 2003 Proceedings of the 2003 ACM workshop on XML security 
Publisher: ACM Press 


Business Processes for Web Services are the new paradigm for the lightweight integration 
of business from different enterprises. Whereas the security and access control policies for 
basic web services and distributed systems are well studied and almost standardized, 
there is not yet a comprehensive proposal for an access control architecture for business 
processes. The major issue is that a business process describes complex services that 
cross organizational boundaries and are provided by entitie ... 

Keywords: controlled disclosure, distributed systems security, e-business, interactive 
access control, security management, web services 



8 A composable framework for secure multi-modal access to internet services from Post-PC devices
Steven J. Ross, Jason L. Hill, Michael Y. Chen, Anthony D. Joseph, David E. Culler, Eric A. Brewer

October 2002 Mobile Networks and Applications, Volume 7 Issue 5
Publisher: Kluwer Academic Publishers 


The Post-PC revolution is bringing information access to a wide range of devices beyond 
the desktop, such as public kiosks, and mobile devices like cellular telephones, PDAs, and 
voice based vehicle telematics. However, existing deployed Internet services are geared 
toward the secure rich interface of private desktop computers. We propose the use of an 
infrastructure-based secure proxy architecture to bridge the gap between the capabilities 
of Post-PC devices and the requirements of Internet ser ... 

Keywords: internet, middleware, post-PC, security, transcoding 



9 SIGCOMM 1 - Software-hardware interactions: An experimental application of cryptography to a remotely accessed data system
J. L. Smith, W. A. Notz, P. R. Osseck

August 1972 Proceedings of the ACM annual conference - Volume 1
Publisher: ACM Press

An experimental system has been developed which illustrates ways cryptography can be 
applied to certain data-security problems concerning remotely accessible data files. These 
problems are in two main classes: security of data while in transit over communications 
lines and security of data while in storage. The system makes use of a combination of 
software and special hardware to provide enciphering and deciphering of messages 
between a terminal and a data processor. Not only is the content of m ... 

Keywords: communication security, cryptography, data communications, data security, data-base protection, file protection, teleprocessing, terminals authentication, time-shared systems



10 On-line e-wallet system with decentralized credential keepers 
Stig Frode Mjolsnes, Chunming Rong 

February 2003 Mobile Networks and Applications, Volume 8 Issue 1
Publisher: Kluwer Academic Publishers 


We propose a generalization of the architecture of an electronic wallet, as first developed 
in the seminal European research project CAFE. With this model you can leave most of the 
content of your electronic wallet at the security of your residential electronic keeper, while 
roaming with your favorite mobile terminals. Emerging mobile handsets with both short 
range Bluetooth and cellular GPRS communications provide a sufficient communication 
platform for this electronic wallet architecture. Howe ... 

Keywords: digital credentials, e-wallet architecture, mobile commerce, payment protocols, privacy



11 A fine-grained access control system for XML documents
Ernesto Damiani, Sabrina De Capitani di Vimercati, Stefano Paraboschi, Pierangela Samarati

May 2002 ACM Transactions on Information and System Security (TISSEC), Volume 5 Issue 2

Publisher: ACM Press 


Web-based applications greatly increase information availability and ease of access, which 
is optimal for public information. The distribution and sharing of information via the Web 
that must be accessed in a selective way, such as electronic commerce transactions, 
require the definition and enforcement of security controls, ensuring that information will 
be accessible only to authorized entities. Different approaches have been proposed that 
address the problem of protecting information in a Web ... 

Keywords: Access control, World Wide Web, XML documents, authorizations specification and enforcement



12 Unlinkable serial transactions: protocols and applications
Stuart G. Stubblebine, Paul F. Syverson, David M. Goldschlag

November 1999 ACM Transactions on Information and System Security (TISSEC), Volume 2 Issue 4

Publisher: ACM Press 


We present a protocol for unlinkable serial transactions suitable for a variety of network- 
based subscription services. It is the first protocol to use cryptographic blinding to enable 
subscription services. The protocol prevents the service from tracking the behavior of its 
customers, while protecting the service vendor from abuse due to simultaneous or cloned 
use by a single subscriber. Our basic protocol structure and recovery protocol are robust 
against failure in protocol termination. ... 

Keywords: anonymity, blinding, cryptographic protocols, unlinkable serial transactions 



13 Network layer access control for context-aware IPv6 applications
Adrian Friday, Maomao Wu, Joe Finney, Stefan Schmid, Keith Cheverst, Nigel Davies

July 2003 Wireless Networks, Volume 9 Issue 4
Publisher: Kluwer Academic Publishers 


As part of the Lancaster GUIDE II project, we have developed a novel wireless access 
point protocol designed to support the development of next generation mobile context- 
aware applications in our local environs. Once deployed, this architecture will allow 
ordinary citizens secure, accountable and convenient access to a set of tailored 
applications including location, multimedia and context based services, and the public 
Internet. Our architecture utilises packet marking and network level packet ... 

Keywords: authentication, mobile IPv6, public access point, security, wireless Internet 



14 Content-triggered trust negotiation
Adam Hess, Jason Holt, Jared Jacobson, Kent E. Seamons

August 2004 ACM Transactions on Information and System Security (TISSEC), Volume 7 Issue 3

Publisher: ACM Press 


The focus of access control in client/server environments is on protecting sensitive server 
resources by determining whether or not a client is authorized to access those resources. 
The set of resources is usually static, and an access control policy associated with each 
resource specifies who is authorized to access the resource. In this article, we turn the 
traditional client/server access control model on its head and address how to protect the 
sensitive content that clients disclose to and r ... 

Keywords: Trust negotiation, access control, authentication, credentials 



15 Access control with IBM Tivoli access manager
Gunter Karjoth

May 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 2

Publisher: ACM Press 


Web presence has become a key consideration for the majority of companies and other 
organizations. Besides being an essential information delivery tool, the Web is 
increasingly being regarded as an extension of the organization itself, directly integrated 
with its operating processes. As this transformation takes place, security grows in 
importance. IBM Tivoli Access Manager offers a shared infrastructure for authentication 
and access management, technologies that have begun to emerge in the com ... 

Keywords: Access control, WWW security, Web servers, authorization management 



16 Delegation logic: A logic-based approach to distributed authorization
Ninghui Li, Benjamin N. Grosof, Joan Feigenbaum

February 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 1

Publisher: ACM Press 


We address the problem of authorization in large-scale, open, distributed systems. 
Authorization decisions are needed in electronic commerce, mobile-code execution, 
remote resource sharing, privacy protection, and many other applications. We adopt the 
trust-management approach, in which "authorization" is viewed as a "proof-of- 
compliance" problem: Does a set of credentials prove that a request complies with a 
policy? We develop a logic-based language, called Delegation Logic (DL), t ... 

Keywords: Access control, Delegation Logic, distributed system security, logic programs, trust management



17 Columns: Risks to the public in computers and related systems 
Peter G. Neumann 

January 2001 ACM SIGSOFT Software Engineering Notes, Volume 26 Issue 1
Publisher: ACM Press 




18 A secure infrastructure for service discovery and access in pervasive computing 
Jeffrey Undercoffer, Filip Perich, Andrej Cedilnik, Lalana Kagal, Anupam Joshi 
April 2003 Mobile Networks and Applications, Volume 8 Issue 2
Publisher: Kluwer Academic Publishers 


Security is paramount to the success of pervasive computing environments. The system 
presented in this paper provides a communications and security infrastructure that goes 
far in advancing the goal of anywhere-anytime computing. Our work securely enables 
clients to access and utilize services in heterogeneous networks. We provide a service 
registration and discovery mechanism implemented through a hierarchy of service 
management. The system is built upon a simplified Public Key Infrastructure t ... 

Keywords: distributed services, extensible markup language, pervasive computing, 
security, smartcards 



19 Trust but verify: authorization for web services
Christian Skalka, X. Sean Wang

October 2004 Proceedings of the 2004 workshop on Secure web service SWS '04 

Publisher: ACM Press 


Through web service technology, distributed applications can be built in a flexible manner, 
bringing tremendous power to applications on the web. However, this flexibility poses 
significant challenges to security. In particular, an end user (be it human or machine) 
may access a web service directly, or through a number of intermediaries, while these 
intermediaries may be formed on the fly for a particular task. Traditional access control 
for distributed systems is not flexible and efficient enou ... 

Keywords: access control logic, distributed authorization, web services 



20 Securing wireless applications: ESCORT: a decentralized and localized access control system for mobile wireless access to secured domains
Jiejun Kong, Shirshanka Das, Edward Tsai, Mario Gerla

September 2003 Proceedings of the 2003 ACM workshop on Wireless security 

Publisher: ACM Press 


In this work we design and implement ESCORT, a backward compatible, efficient, and 
secure access control system, to facilitate mobile wireless access to secured wireless 
LANs. In mobile environments, a mobile guest may frequently roam into foreign domains 
while demanding critical network services. ESCORT provides instant yet secure access to 
the mobile guest based on the concept of "escort", which refers to a special network 
object with four distinct properties: (1) T ... 

Keywords: decentralized access control, identity privacy, location privacy, mobile privacy, wireless security